A method and apparatus for providing in a packet data telecommunication network serving one or more end terminals and/or Mobile Stations (MSs), a method for establishing, managing, modifying, and terminating an End-to-End (E2E) Emergency Service (ES) Chain-of-Trust (CoT) from an Access Serving Network (ASN) and Connectivity Service Network (CSN) to a PSAP, PSAP proxy, or PSAP (i.e. PSTN) gateway that results in the creation of a trust relationship amongst the components in the established ES CoT necessary to allow or validate the granting of any unauthenticated or unprovisioned ES network access and ES operation establishment, modification, and termination requests from amongst the components in an ES CoT to assist a particular terminal/MS or ES network component attempting to establish an ES session between the ES user agent of the terminal/MS and a serving PSAP.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. In a packet data telecommunication network serving one or more end terminals and/or Mobile Stations (MSs), a method for establishing, managing, modifying, and terminating an End-to-End (E2E) Emergency Service (ES) Chain-of-Trust (CoT) from an Access Serving Network (ASN) and Connectivity Service Network (CSN) to a PSAP, PSAP proxy, or PSAP gateway, the method comprising: creating a trust relationship amongst components in the established ES CoT; allowing or validating the granting of any unauthenticated or unprovisioned ES network access and ES operation establishment, modification, and termination requests from amongst the components in an ES CoT based on the created trust relationship; and assisting a particular terminal/MS or ES network component attempting to establish an ES session between an ES user agent of the terminal/MS and a serving PSAP.
In packet data telecommunication networks serving end terminals and mobile stations (MSs), ensuring secure and reliable emergency service (ES) communication is critical. The invention addresses the challenge of establishing, managing, and terminating an end-to-end (E2E) emergency service chain-of-trust (CoT) between network components, including the access serving network (ASN), connectivity service network (CSN), and public safety answering points (PSAPs), PSAP proxies, or PSAP gateways. The method creates a trust relationship among all components within the ES CoT, enabling the validation and granting of unauthenticated or unprovisioned ES network access requests. This includes operations such as establishing, modifying, and terminating ES sessions based on the established trust. The system also assists specific terminals or MSs in initiating an ES session between the terminal's ES user agent and the serving PSAP, ensuring seamless and secure emergency communication. The solution enhances reliability and security in emergency services by dynamically managing trust relationships and validating requests without requiring prior authentication or provisioning.
2. The method of claim 1 wherein the ES operation requested through the ES CoT is terminated and performed within one of the components in the CoT.
This claim specifies that the requested ES operation terminates at, and is carried out by, one of the components of the chain of trust itself, rather than being relayed further along the chain to the PSAP.
3. The method of claim 1 wherein the ES operation includes an establishment, modification, or termination of one or more network layer based Hotline rule operations used to block or restrict some or all non-ES based network layer traffic.
This invention relates to network security, specifically to methods for managing network traffic using Hotline rules at the network layer. The problem addressed is the need to control or restrict non-essential network traffic while allowing critical communications, particularly in scenarios where certain traffic must be prioritized or isolated. The method involves performing an ES (Emergency Services) operation, which includes establishing, modifying, or terminating Hotline rules at the network layer. These rules are used to block or restrict some or all non-ES-based network traffic, ensuring that only authorized or essential communications are permitted. The Hotline rules operate at the network layer, meaning they apply to traffic routing and forwarding decisions rather than higher-layer protocols like transport or application layers. The method may also involve dynamically adjusting these rules based on network conditions, security policies, or operational requirements. For example, during an emergency, the system may establish Hotline rules to block all non-emergency traffic while allowing only emergency communications. Similarly, the rules can be modified or terminated as conditions change, such as when the emergency is resolved or when new security policies are applied. This approach ensures that critical communications remain uninterrupted while minimizing unnecessary or potentially malicious traffic, improving network security and reliability. The method is particularly useful in environments where selective traffic control is required, such as in emergency response systems, critical infrastructure networks, or high-security environments.
4. The method of claim 1 wherein the ES operation includes an establishment, modification, or termination of one or more network layer based high-QoS Service Flows and/or classifiers for ES network layer traffic.
This invention relates to network communication systems, specifically methods for managing high-quality-of-service (QoS) service flows and classifiers in network layer traffic. The problem addressed is the need for efficient establishment, modification, or termination of high-QoS service flows and classifiers to ensure reliable and prioritized data transmission in network communications. The method involves performing an emergency services (ES) operation that includes creating, updating, or ending one or more network layer-based high-QoS service flows. These service flows are designed to prioritize critical traffic, such as emergency communications, by allocating dedicated network resources. Additionally, the method may involve managing classifiers that categorize and prioritize network traffic based on predefined criteria, ensuring that high-priority data is handled appropriately. The invention ensures that emergency services traffic is given the necessary bandwidth and priority to function effectively, even in congested network conditions. By dynamically adjusting service flows and classifiers, the system adapts to changing network demands while maintaining high QoS for critical communications. This approach enhances reliability and performance in emergency scenarios where timely and uninterrupted data transmission is essential.
5. The method of claim 1 wherein the ES operation includes an establishment, modification, or termination of one or more session and/or application layer based Hotline rule operations to block or restrict some or all non-ES based session and/or application layer traffic.
This claim concerns controlling session and application layer traffic for an Emergency Service (ES) session. The problem addressed is the need to selectively block or restrict non-ES traffic at the session or application layer so that the emergency session and its signalling are neither starved nor interfered with. The method involves establishing, modifying, or terminating Hotline rule operations that filter traffic at those layers: the rules can block specific types of traffic, such as non-ES-based sessions or applications, while allowing the ES session to proceed. The rules may be adjusted dynamically as the ES session is established, modified, or terminated. The approach ensures that only ES-related traffic flows over the affected path for the duration of the emergency, reducing exposure to unwanted traffic and improving performance for the emergency session. The rules may be implemented using existing network infrastructure, including firewalls, proxies, or dedicated traffic management systems, and can be configured to operate at different layers of the network stack alongside the network layer Hotline rules of claim 3.
6. The method of claim 1 wherein the ES operation includes an establishment, modification, or termination of one or more session and/or application layer based high QoS Service Flows and/or classifiers for ES based session and application layer traffic.
This invention relates to enhancing quality of service (QoS) in communication networks by managing session and application layer traffic through high QoS service flows and classifiers. The technology addresses the challenge of ensuring reliable and efficient data transmission for session and application layer traffic, which often requires prioritization and dedicated resources to meet performance demands. The method involves performing an establishment, modification, or termination of one or more session and application layer based high QoS service flows. These service flows are configured to handle specific types of traffic, ensuring that critical data receives the necessary bandwidth, latency, and reliability. Additionally, the method includes the use of classifiers to identify and categorize traffic based on session and application layer characteristics, enabling dynamic allocation of resources according to predefined QoS policies. By dynamically adjusting service flows and classifiers, the system optimizes network performance for real-time applications such as video streaming, voice over IP (VoIP), and other latency-sensitive services. The approach ensures that traffic is processed efficiently, reducing congestion and improving overall user experience. The solution is particularly useful in environments where multiple applications compete for network resources, requiring intelligent traffic management to maintain service quality.
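As an added example (not code from the patent), the following Python model shows how the Hotline rules of claims 3 and 5 and the high-QoS ES classifiers of claims 4 and 6 could be represented at an ASN gateway: an ES "establish" operation installs the rules, "modify" re-points the ES classifier, and "terminate" lifts them. The PSAP gateway address and the `urn:service:sos` marker are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed placeholder values (not from the patent): an address for the
# PSAP / PSAP gateway and the URN an ES user agent places in its SIP request.
PSAP_GATEWAY = "203.0.113.10"
ES_URN = "urn:service:sos"


@dataclass
class Packet:
    dst_ip: str
    proto: str                             # "udp" or "tcp"
    dst_port: int
    sip_request_uri: Optional[str] = None  # present only for SIP signalling


@dataclass
class HotlineState:
    """Hotline rules installed at the ASN gateway for one terminal/MS."""
    network_layer: bool = False            # claim 3: network layer Hotline rule
    session_layer: bool = False            # claim 5: session/application Hotline rule
    es_destinations: set = field(default_factory=set)  # claims 4/6: ES classifier targets


def establish_es_hotline(state: HotlineState, psap_addr: str) -> None:
    """ES operation 'establish': restrict the terminal to ES traffic only."""
    state.network_layer = True
    state.session_layer = True
    state.es_destinations.add(psap_addr)


def modify_es_hotline(state: HotlineState, new_psap_addr: str) -> None:
    """ES operation 'modify': e.g. the serving PSAP proxy changed; re-point the classifier."""
    state.es_destinations = {new_psap_addr}


def terminate_es_hotline(state: HotlineState) -> None:
    """ES operation 'terminate': lift the Hotline rules when the ES session ends."""
    state.network_layer = False
    state.session_layer = False
    state.es_destinations.clear()


def classify(pkt: Packet, state: HotlineState) -> tuple:
    """Return (action, service_flow_or_reason) for one packet under the current rules."""
    es_dest = pkt.dst_ip in state.es_destinations
    if pkt.sip_request_uri is not None:
        # Session/application layer: an ES-based session is one addressed to an
        # ES destination and carrying the ES service indication.
        es_session = es_dest and ES_URN in pkt.sip_request_uri
        if es_session:
            return ("forward", "es-high-qos")
        if state.session_layer:
            return ("drop", "session-layer-hotline")
    # Network layer: while the rule is active, everything not addressed to an
    # ES destination is blocked; ES traffic goes to the high-QoS service flow.
    if state.network_layer and not es_dest:
        return ("drop", "network-layer-hotline")
    return ("forward", "es-high-qos" if es_dest else "best-effort")
```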
7. The method of claim 1 wherein an ES operation request is sent from the terminal/MS associated with the establishing or established ES, a router or firewall providing ASN gateway access for the terminal/MS, or one of the components of the established CoT.
This claim concerns where an emergency services (ES) operation request may originate within the communication network. The problem addressed is the need for efficient and reliable transmission of ES operation requests, which may come from terminals or mobile stations (MSs), from routers or firewalls, or from components of the Chain-of-Trust (CoT) itself. The method involves sending an ES operation request from a terminal or mobile station associated with an established or establishing emergency service, from a router or firewall providing Access Serving Network (ASN) gateway access for that terminal or mobile station, or from one of the components of the established CoT. The ES operation request is transmitted to facilitate the emergency session, its coordination, or the allocation of network resources to it. The method ensures that the request is properly routed and processed along the chain, enhancing the reliability and responsiveness of emergency services. The method may also include additional steps such as establishing the emergency service, configuring network components, or verifying the request before transmission.
8. The method of claim 1 wherein the CoT establishment, modification, or termination request is sent from the terminal/MS associated with the establishing or established ES, a router or firewall providing ASN gateway access for the terminal/MS, one of the components of the established CoT, or a legacy PSTN based PSAP that may not be a direct component of the established ES CoT.
This claim concerns where a request to establish, modify, or terminate the Chain-of-Trust (CoT) may originate. The problem addressed is the need for flexible and efficient establishment, modification, or termination of the CoT that is used to route emergency calls and related critical communications. The invention provides a method where a CoT establishment, modification, or termination request can be initiated from various sources, including the terminal or mobile station (MS) associated with the emergency service (ES), a router or firewall acting as an Access Serving Network (ASN) gateway for the terminal, a component of the established CoT, or a legacy public switched telephone network (PSTN)-based public safety answering point (PSAP) that may not be directly part of the CoT. This flexibility ensures that the CoT can be managed dynamically, improving reliability and responsiveness in emergency communication scenarios. The method supports interoperability between modern packet data networks and legacy systems, ensuring that communication continues during critical situations. The invention enhances the robustness of emergency communication infrastructure by allowing multiple points of control over the CoT.
9. The method of claim 8 wherein the CoT is established or terminated in an uplink manner.
This claim specifies that the CoT of claim 8 is established or terminated in an uplink manner, meaning the establishment or termination proceeds from the terminal/MS side of the chain toward the PSAP: the request originates at the terminal or at the ASN gateway serving it and is passed component by component along the chain toward the PSAP, PSAP proxy, or PSAP gateway. Each component acts on the request before forwarding it, so the trust relationship is built up (or torn down) in the same direction as the emergency session itself is set up from the terminal.
10. The method of claim 8 wherein the CoT is established or terminated in a downlink manner.
This claim specifies that the CoT of claim 8 is established or terminated in a downlink manner, the reverse of claim 9: the request originates at the PSAP side (the PSAP, PSAP proxy, or PSAP gateway, or a legacy PSTN-based PSAP as permitted by claim 8) and is passed along the chain toward the ASN/CSN and the terminal/MS.
11. The method of claim 8 wherein the CoT is established or terminated in an intermediate manner.
This claim specifies that the CoT of claim 8 is established or terminated in an intermediate manner: the request originates at one of the components between the two ends of the chain, such as a router or firewall providing ASN gateway access or another component of the established CoT (both listed as possible sources in claim 8), rather than at the terminal/MS end or the PSAP end, and is propagated from that component toward the remaining components so that the complete end-to-end chain is established or torn down.
12. The method of claim 8 wherein an ES CoT modification request is triggered by a handoff operation of a MS from a first serving ASN/CSN to a secondary serving ASN/CSN.
This claim concerns modification of the Emergency Service (ES) Chain-of-Trust (CoT) during mobile station (MS) handoffs between access serving networks (ASNs) and connectivity service networks (CSNs). The problem addressed is ensuring that the emergency session continues when a mobile device transitions between network segments or service providers, which changes the components that lie on the end-to-end path. The method involves triggering an ES CoT modification request as part of the handoff operation. When a mobile station moves from a first serving ASN/CSN to a secondary serving ASN/CSN, the handoff process initiates the CoT modification so that the chain, and the trust relationships within it, are updated to include the new serving network and the characteristics of the emergency session, such as its bearers and quality of service (QoS) settings, remain consistent between the old and new serving networks. This approach improves handoff reliability and reduces disruption of the emergency session during mobility events.
13. The method of claim 1 wherein a component in an establishing or established ES CoT can modify an ES operation request, through interception and alteration/extension to said ES operation request in order to take into account the impact the said component has on the end-to-end routing and characteristics of the data and control plane bearers associated with the established or establishing ES.
This claim concerns how a component within an Emergency Service (ES) Chain-of-Trust (CoT) may alter an ES operation request. The problem addressed is the need for components within an ES CoT to adjust operation requests to account for their own impact on the end-to-end routing and characteristics of the bearers carrying the emergency session, in both the data and control planes. The method involves a component within an ES CoT, either during establishment or after establishment, intercepting an ES operation request and altering or extending it so that the request reflects how that component affects end-to-end routing and the properties of the associated bearers. The bearers include both data and control plane bearers, so the downstream components and the PSAP receive a request that matches the path actually in place. This dynamic adjustment keeps routing and bearer characteristics consistent along the chain and reduces the risk of the emergency session being set up on assumptions that a component on the path has invalidated.
14. The method of claim 12 wherein the ES CoT component is a VPN server or client that alters or extends the content of an ES operation request to take into account the changes to the ES data and control plane bearer routing caused by the VPN tunneling of ES and non-ES traffic.
This claim concerns the routing of data and control plane bearers for an Emergency Service (ES) session when both ES and non-ES traffic are carried over a virtual private network (VPN). The problem addressed is the change in routing caused by VPN tunnelling, which alters the path that ES bearers would otherwise take and can lead to the emergency session being set up or characterised incorrectly. The method involves an ES Chain-of-Trust (CoT) component that functions as either a VPN server or a VPN client. This component alters or extends the content of an ES operation request to account for the changes in data and control plane bearer routing introduced by the tunnelling of ES and non-ES traffic. By adjusting the request, the system ensures that the ES operation remains consistent and reliable despite the routing modifications imposed by the VPN. The VPN component may also interact with the other components of the chain to maintain proper routing and session continuity. The solution is particularly useful where a VPN is used to secure a terminal's traffic but the routing assumptions that ES operations normally rely on no longer hold.
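The following Python model is an added example (not the patent's own protocol) of the chain-of-trust behaviour in claims 1, 7, 13 and 14: an unauthenticated ES operation request enters at the ASN gateway, each component accepts it only if the upstream component attested it with the per-hop key agreed at CoT establishment, and a VPN server component intercepts and extends the request with its tunnel endpoint before forwarding. Component names, the per-hop HMAC keys and the tunnel address are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed model, not the patent's protocol: the trust relationship between
# adjacent CoT components is a per-hop key agreed when the CoT is established.
# Each component attests the ES operation request it forwards; the next
# component verifies that attestation before acting on the request.


@dataclass
class Component:
    name: str
    kind: str                                # "asn-gw", "relay", "vpn-server", "psap-gw"
    tunnel_endpoint: Optional[str] = None    # VPN server only (claim 14)
    upstream_key: Optional[bytes] = None     # shared with the previous component
    downstream_key: Optional[bytes] = None   # shared with the next component


@dataclass
class EsRequest:
    op: str                                  # "establish" | "modify" | "terminate"
    terminal: str
    authenticated: bool = False              # ES access may be unauthenticated (claim 1)
    bearer_route: list = field(default_factory=list)
    attestations: list = field(default_factory=list)


def _mac(key: bytes, fields: dict) -> str:
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def establish_cot(spec: list) -> list:
    """spec: [(name, kind, tunnel_endpoint), ...] ordered from ASN/CSN to PSAP gateway."""
    chain = [Component(n, k, t) for n, k, t in spec]
    for up, down in zip(chain, chain[1:]):
        up.downstream_key = down.upstream_key = secrets.token_bytes(32)
    return chain


def _attest(comp: Component, req: EsRequest) -> None:
    fields = {"by": comp.name, "op": req.op, "terminal": req.terminal,
              "route": list(req.bearer_route)}
    req.attestations.append({**fields, "mac": _mac(comp.downstream_key, fields)})


def _upstream_trusted(comp: Component, req: EsRequest) -> bool:
    if not req.attestations or comp.upstream_key is None:
        return False
    last = dict(req.attestations[-1])
    mac = last.pop("mac")
    return hmac.compare_digest(mac, _mac(comp.upstream_key, last))


def process_hop(comp: Component, req: EsRequest, entry: bool) -> Optional[str]:
    """One CoT component handles the request; returns a rejection reason or None."""
    if entry:
        # Claim 7: the request arrives from the terminal/MS at the ASN gateway.
        # No subscriber authentication is required for an ES request.
        if req.op not in ("establish", "modify", "terminate"):
            return f"{comp.name}: unknown ES operation {req.op!r}"
    elif not _upstream_trusted(comp, req):
        return f"{comp.name}: upstream attestation is not from a CoT member"
    if comp.kind == "vpn-server":
        # Claim 14: intercept and extend the request so downstream components
        # account for the ES bearers being tunnelled through this endpoint.
        req.bearer_route.append(f"tunnel:{comp.tunnel_endpoint}")
    req.bearer_route.append(comp.name)
    if comp.downstream_key is not None:
        _attest(comp, req)
    return None


def run_es_operation(chain: list, req: EsRequest) -> tuple:
    """Walk the request along the CoT; grant only if every hop trusted its upstream."""
    for i, comp in enumerate(chain):
        err = process_hop(comp, req, entry=(i == 0))
        if err:
            return ("rejected", err)
    if chain[-1].kind != "psap-gw":
        return ("rejected", "CoT does not terminate at a PSAP, proxy or gateway")
    return ("granted", list(req.bearer_route))
```

Swapping in a component whose keys were not agreed at establishment makes the next hop reject the request, which is the validation step claim 1 relies on to safely grant unauthenticated ES access.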
15. The method of claim 12 wherein the ES CoT component is a VoIP server/service or client.
This claim specifies that the ES CoT component that intercepts and extends ES operation requests is a Voice over Internet Protocol (VoIP) server, service, or client on the path of the emergency session.
16. The method of claim 12 wherein the ES CoT component is an Instant Messaging (IM) server/service or client.
This claim specifies that the ES CoT component that intercepts and extends ES operation requests is an Instant Messaging (IM) server, service, or client, covering the case where the emergency session is carried as, or alongside, instant messaging rather than voice.
17. The method of claim 12 wherein the ES CoT component is a real-time text server/service or client.
This claim specifies that the ES CoT component that intercepts and extends ES operation requests is a real-time text server, service, or client, covering emergency sessions carried as real-time text.
18. The method of claim 12 wherein the ES CoT component is an Internet Multimedia Service (IMS) based server/service or client.
This relates to a way of handling emergency calls that uses an Internet-based phone system (like voice over IP) for some parts of the call. Specifically, the emergency call component mentioned earlier is handled by software or hardware that uses the Internet Multimedia Subsystem (IMS) protocol.
19. The method of claim 1 wherein the components of an established ES CoT can include any networking component along the establishing or established ES control and data plane end-to-end link between an ASN/CSN and a PSAP that acts on the control and data plane traffic used for the CoT establishment, modification, or termination messaging as well as the ES operation request/response messaging to alter or extend the ES control plane route to achieve, maintain, and terminate the intended ES establishment.
This claim defines which network elements may be components of an established Emergency Service (ES) Chain-of-Trust (CoT). The problem addressed is the need for flexible and reliable control of the emergency service communication path between an access serving network/connectivity service network (ASN/CSN) and a public safety answering point (PSAP), covering establishment, modification, and termination of the session and handling both control and data plane traffic. The method allows the components of an established ES CoT to include any networking component along the end-to-end control and data plane link between the ASN/CSN and the PSAP that acts on the control and data plane traffic used for CoT establishment, modification, or termination messaging. These components also handle ES operation request/response messaging, altering or extending the ES control plane route so that the intended ES session is achieved, maintained, and terminated as required. The chain therefore follows the actual path of the emergency session, improving reliability and flexibility in emergency service communications.
20. The method of claim 19 wherein a component of an established ES CoT is a PSAP, PSAP gateway, or PSAP proxy.
This claim concerns the integration of Public Safety Answering Points (PSAPs) into the Emergency Service (ES) Chain-of-Trust (CoT). The problem addressed is the need for reliable connectivity between emergency callers and PSAPs over packet data networks, ensuring that emergency services can be reached regardless of the caller's device or access network. The method incorporates a PSAP, PSAP gateway, or PSAP proxy as a component within an established ES CoT. This allows the chain to carry emergency calls, data, or other communications directly to the appropriate PSAP or to an intermediary gateway that handles dispatch. The PSAP component may act as the final destination for the emergency communication or as an intermediary that processes and forwards it to the correct PSAP based on location or other criteria. A PSAP gateway or proxy can also translate or adapt the protocols used between the caller's device and the PSAP, for example toward a legacy PSTN-based PSAP, ensuring compatibility with existing PSAP infrastructure while the chain of trust extends to the PSAP side.
21. The method of claim 19 wherein a component of an established ES CoT is a network service that supports an ES capability server or a video conferencing server.
This claim concerns network services that may be members of the Emergency Service (ES) Chain-of-Trust (CoT), specifically a network service that supports an ES capability server or a video conferencing server. The problem addressed is ensuring trusted interaction between the components on the emergency session's path when that path includes such application-level services. The method integrates the network service into the established ES CoT so that it operates within the trust relationship shared by the other components and can act on the CoT establishment, modification, and termination messaging as described in claim 19. This approach is useful where the emergency session involves video, as in video conferencing with the PSAP, and ensures that every component handling the session adheres to the trust relationship of the chain, reducing the risk of an untrusted element being granted ES privileges.
22. The method of claim 19 wherein a component of an established ES CoT is an IP Multimedia System (IMS) server component of a home or visited network or service provider.
This claim concerns the inclusion of IP Multimedia System (IMS) servers in the Emergency Service (ES) Chain-of-Trust (CoT). The problem addressed is the need for reliable and efficient routing of emergency communications through the network components actually on the path, in particular IMS servers of home, visited, or service provider networks. The method integrates an IMS server as a component within an established ES CoT. The IMS server handles the emergency call, including its routing, authentication where available, and service delivery, so the chain can leverage existing IMS infrastructure, which is commonly used for voice and multimedia services, to improve the reliability and interoperability of emergency communications. The IMS server may operate in the home network, where the subscriber is registered, or in a visited network, where the user is temporarily located, so that emergency service access is available regardless of the user's location. It may also be part of a service provider's network, enabling centralised coordination of emergency services across multiple networks. Including the IMS server in the chain ensures that emergency calls are prioritised and routed through trusted components end to end.
23. The method of claim 19 wherein a component of an established ES CoT is a Policy Charging and Control (PCC) server component of a home network, visited network, or Application Service Provider (ASP).
This claim concerns the inclusion of a Policy Charging and Control (PCC) server in the established Emergency Service (ES) Chain-of-Trust (CoT). The PCC server may belong to the home network, a visited network, or an Application Service Provider (ASP). The problem addressed is coordinating policy and charging decisions across these network domains so that the emergency session receives consistent treatment wherever the terminal/MS is served. The PCC server component, as part of the ES CoT, is responsible for enforcing policy rules and controlling charging for the network services used by the emergency session. It interacts with the other components of the chain to apply policies based on subscriber profiles, service requirements, and network conditions, for example the Hotline rules and high-QoS service flows of claims 3 to 6. By including the PCC server within the ES CoT, the method ensures that policy and charging decisions for the emergency session are trusted and adjusted dynamically to meet real-time network demands. This is particularly beneficial where users roam across multiple networks or access services from different providers.
24. The method of claim 19 wherein a component of an established ES CoT is a VPN server.
This claim makes a Virtual Private Network (VPN) server a component of the established ES CoT. A VPN server terminates encrypted tunnels from remote users or devices and may enforce authentication and authorization policies on who may connect through it. When a VPN server sits in the path of an emergency session, making it a trusted CoT component allows its identity to be authenticated like that of the other components, so that ES CoT management messaging and ES operation requests and responses passing through the tunnel it terminates can be validated under the same trust relationship as the rest of the chain.
25. The method of claim 19 wherein a component of an established ES CoT is a VPN client.
This claim makes a virtual private network (VPN) client a component of the established ES CoT. The CoT ensures authenticated communication by verifying the identity and integrity of each component before allowing it to interact with the others. The VPN client securely connects a remote terminal/MS or device to the network over an encrypted tunnel. As a CoT member, its identity and communication channels are validated before it participates in the exchange of ES messaging, so only trusted VPN clients take part, reducing the risk of unauthorized access. Other components, such as authentication servers or encryption modules, may work alongside it to maintain the integrity of the CoT. Bringing the VPN client into the CoT adds a further layer of assurance that remote connections involved in an emergency session are authenticated and encrypted before they reach ES resources.
26. The method of claim 19 wherein a component of an established ES CoT is a firewall.
This claim makes a firewall a component of the established ES CoT. The CoT framework defines, for each component, security roles and responsibilities that are used to enforce security policy and verify the integrity of communications between components. The firewall acts as a security barrier, monitoring and controlling incoming and outgoing network traffic according to predefined rules. By incorporating it into the CoT, the method ensures that communications between CoT components adhere to those rules, preventing unauthorized access. The firewall may also perform authentication and encryption tasks. The method includes initializing the CoT, verifying the authenticity of each component, and adjusting security policies dynamically based on real-time threat assessments. The firewall may be configured to block suspicious traffic, enforce access controls, and log security events for auditing, protecting the integrity of the ES CoT as emergency traffic crosses it.
27. The method of claim 19 wherein a component of an established ES CoT is a router using NAT.
This claim makes a router performing Network Address Translation (NAT) a component of the established ES CoT. The router operates within the CoT framework, which ensures trusted data exchange between the networked components. NAT lets the router translate the private IP addresses used on the local network into public IP addresses for external communication while preserving the security and integrity of the traffic. Including the NAT router in the CoT allows ES messaging to be exchanged between the internal and external networks without losing trust, addressing the address-translation, security, and interoperability issues that arise when an emergency session crosses the NAT boundary. The router may also enforce security policies, monitor traffic, and prevent unauthorized access. The method ensures that all communications within the ES CoT remain trusted even when they traverse different network domains.
28. The method of claim 19 wherein a component of an established ES CoT is a Customer Premises Equipment (CPE) device linking one or more terminals/MSs to an ASN over a Small Office Home Office (SOHO) or other local network.
This claim makes a Customer Premises Equipment (CPE) device a component of the established ES CoT. The problem addressed is integrating and managing CPE devices that connect multiple terminals or mobile stations (MSs) to an Access Serving Network (ASN) over a Small Office Home Office (SOHO) or other local network. The CPE acts as a bridge, linking one or more terminals/MSs to the ASN across the local network, and may also handle tasks such as authentication, signal processing, and traffic management to keep connectivity seamless. Integrating the CPE into the ES CoT framework extends the trust relationship to the device through which the terminal/MS reaches the ASN, so that an emergency session originating behind the CPE can be validated end to end.
29. The method of claim 19 wherein a component of an established ES CoT is an Emergency Services Routing Proxy Server.
This method uses a special server (Emergency Services Routing Proxy Server) as part of the system that helps route emergency calls within a specific area.
30. The method of claim 19 wherein a component of an established ES CoT is an SIP server.
This claim makes a Session Initiation Protocol (SIP) server a component of the established ES CoT. SIP servers initiate, modify, and terminate real-time communication sessions such as voice, video, or messaging, handling session signaling, routing, and session state. Within the ES CoT, the SIP server handles the signaling of the emergency session between the ES user agent of the terminal/MS and the serving PSAP, and may also enforce security policies and authenticate users. Making the SIP server a trusted CoT component means its ES request and response messaging is covered by the same trust relationship, authentication, and validation as the other members of the chain, giving centralized and consistent control of emergency session signaling.
31. The method of claim 19 wherein a component of an established ES CoT is an SIP registrar.
This claim makes a SIP registrar a component of the established ES CoT. A SIP registrar stores and manages user location information, letting SIP clients register their current network addresses so that calls and sessions can be routed to the correct endpoints. The registrar may also handle authentication and authorization of the registering clients. Within the ES CoT, the registrar's location data supports routing the emergency session to the ES user agent of the terminal/MS, and the registrar's own messaging is authenticated and validated under the same trust relationship as the other components of the chain, such as SIP proxy servers or Emergency Services Routing Proxy Servers. Embedding the registrar in the CoT therefore lets SIP registration and routing be managed consistently with the chain's security policies.
32. The method of claim 19 wherein a component of an established ES CoT is an SIP proxy server.
This method uses a type of server called an "SIP proxy server" as part of managing an existing system for communication between emergency services.
33. The method of claim 19 wherein a component of an established ES CoT is a roaming ASN from a visited-network that can provide ES-only and/or general network connectivity access to a terminal/MS attempting to access a home-network ES.
This claim addresses providing emergency services (ES) and general network access to a terminal or mobile station (MS) that is roaming in a visited network. The problem solved is ensuring access to the home network's emergency services when the terminal is outside its home network, particularly when the visited network may not have full roaming agreements or standard connectivity arrangements with the home network. The method makes a roaming Access Serving Network (ASN) of the visited network a component of the established ES CoT. The roaming ASN acts as an intermediary, enabling the terminal to reach the home network's emergency services even if full roaming is not supported. Depending on configuration and the agreements between the networks, the roaming ASN may provide ES-only connectivity or broader general network access. The solution keeps critical emergency services reachable regardless of the terminal's location or the visited network's limitations, using existing network components and protocols to maintain reliability and compatibility, and is particularly useful where traditional roaming agreements are insufficient or unavailable.
34. The method of claim 1 wherein the ES CoT is established, modified, and terminated utilizing a Public Key Infrastructure (PKI) to allow for a component of an establishing or established ES CoT to authenticate another component to be added to the same ES CoT.
This invention relates to secure communication networks, specifically a method for establishing, modifying, and terminating an Emergency Service (ES) Chain-of-Trust (CoT) using a Public Key Infrastructure (PKI). The ES CoT is a set of network components (e.g., devices, nodes, or servers) that authenticate one another and communicate securely in support of an emergency session. The problem addressed is ensuring authenticated communication within a dynamic chain whose components may join or leave over time. The method uses the PKI to authenticate components when establishing, modifying, or terminating the ES CoT. When a new component is to be added to an existing CoT, an existing component uses the PKI to verify the newcomer's identity and its authorization to join. Similarly, when the CoT is modified (e.g., communication parameters or roles change), the PKI ensures that only authorized components can make changes, and termination of the CoT is likewise restricted to authorized components. The PKI supplies the cryptographic keys and certificates used for this authentication, preventing unauthorized access or tampering. This reduces the risk of an untrusted component taking part in ES communication, and the PKI scales to chains whose membership changes frequently.
35. The method of claim 34 wherein the PKI provides a common format for public key certificates combined with a certification path validation algorithm to allow for a component of an establishing or established ES CoT to authenticate another component to be added to the same ES CoT.
This claim refines the PKI of claim 34: it provides a common format for public key certificates together with a certification path validation algorithm, so that a component of an establishing or established ES CoT can authenticate another component before that component is added. The common certificate format gives every component a uniform way to present its identity, and the certification path validation algorithm checks that the chain of certificates from the candidate component back to a trusted issuer is properly formed and signed. Together they let a CoT member verify the identity and trustworthiness of a candidate and refuse unauthorized or compromised components. The result is that only authenticated, trusted components are integrated into the ES CoT, which matters because the chain is used to validate ES network access and ES operations that were granted without prior authentication or provisioning of the terminal/MS.
36. The method of claim 35 wherein the common format for public key certificates and a certification path validation algorithm are provided through the use of X.509 digital certificates with a root certificate associated with a regional and/or world-wide ES component accreditation authority.
This claim specifies how the common format and validation algorithm of claim 35 are provided: through X.509 digital certificates with a root certificate associated with a regional and/or world-wide ES component accreditation authority. The problem addressed is the need for a standardized, trusted way to verify the authenticity and validity of the public key certificates used within the ES CoT, so that only accredited ES components participate. X.509 certificates are widely deployed and have a well-defined structure and validation procedure. The root certificate of the accreditation authority serves as the trust anchor: the certification path validation algorithm checks that each certificate in the chain is properly signed by its issuer and links back to that root, confirming that the component was accredited. Standardizing on X.509 and a defined validation procedure gives interoperability across ES components from different vendors and networks, and placing the root under a regional or world-wide accreditation authority centralizes accreditation under a recognized body rather than under any single operator.
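Claims 34 to 36 describe a component of the ES CoT authenticating a candidate component by validating the candidate's X.509 certification path back to a root operated by an ES component accreditation authority. The following Go example is added here to show that check with the standard library's crypto/x509 verifier; it is not the patent's code. It builds a constructed hierarchy in memory (a world-wide accreditation root, a regional CA under it, and a PSAP-proxy certificate under that CA) and then shows the same PSAP-proxy name being refused when it is certified only by a root the accreditation authority never signed. All names, serial numbers, validity periods, and path-length constraints are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signer is an in-memory issuing authority: its certificate and private key.
type signer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue generates a P-256 key pair and a certificate for tmpl signed by parent (self-signed when parent is nil).
func issue(tmpl *x509.Certificate, parent *signer) (*signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	parentCert, parentKey := tmpl, key
	if parent != nil {
		parentCert, parentKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &signer{cert: cert, key: key}, nil
}

// template builds a certificate template; for CAs, pathLen 0 means "may only issue component certificates".
func template(cn string, serial int64, isCA bool, pathLen int) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.MaxPathLen, t.MaxPathLenZero = pathLen, pathLen == 0
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// ValidateComponent is the certification path validation of claims 35-36: the candidate must chain,
// through any intermediates it presents, to a root in the accreditation authority's trust store.
// A nil result means the component may be admitted to the ES CoT.
func ValidateComponent(candidate *x509.Certificate, intermediates []*x509.Certificate, roots *x509.CertPool) error {
	pool := x509.NewCertPool()
	for _, c := range intermediates {
		pool.AddCert(c)
	}
	_, err := candidate.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	return err
}

// BuildDemoHierarchy constructs the sample PKI: an accredited world-wide root, a regional CA under it,
// a PSAP proxy certified by that CA, and a second PSAP proxy certified only by an unaccredited CA.
func BuildDemoHierarchy() (roots *x509.CertPool, intermediates []*x509.Certificate, accredited, rogue *x509.Certificate, err error) {
	must := func(s *signer, e error) *signer { // records the first error so the issuance reads linearly
		if e != nil && err == nil {
			err = e
		}
		return s
	}
	root := must(issue(template("World-wide ES Component Accreditation Authority (constructed)", 1, true, 1), nil))
	regional := must(issue(template("Regional ES Accreditation CA (constructed)", 2, true, 0), root))
	good := must(issue(template("psap-proxy.example (constructed)", 3, false, 0), regional))
	rogueRoot := must(issue(template("Unaccredited CA (constructed)", 4, true, 0), nil))
	bad := must(issue(template("psap-proxy.example (constructed)", 5, false, 0), rogueRoot))
	if err != nil {
		return
	}
	roots = x509.NewCertPool()
	roots.AddCert(root.cert)
	return roots, []*x509.Certificate{regional.cert}, good.cert, bad.cert, nil
}

func main() {
	roots, ints, good, bad, err := BuildDemoHierarchy()
	if err != nil {
		panic(err)
	}
	fmt.Println("accredited PSAP proxy admitted:", ValidateComponent(good, ints, roots) == nil)   // true
	fmt.Println("unaccredited PSAP proxy admitted:", ValidateComponent(bad, ints, roots) == nil) // false
}
```

The regional CA is issued with a path length of zero, so it can certify components but not further CAs; the validation also fails if the candidate omits the regional intermediate, which is the "certification path" part of the claim.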
37. The method of claim 1 wherein the ES CoT is established, modified, and terminated utilizing a web-of-trust model to allow for a component of an establishing or established ES CoT to authenticate another component to be added to the same ES CoT.
This invention relates to secure communication networks, specifically a method for establishing, modifying, and terminating an Emergency Service (ES) Chain-of-Trust (CoT) using a web-of-trust model. The web-of-trust model enables components within an ES CoT to authenticate and verify other components before allowing them to join the same chain. The method ensures that only trusted components can participate in the ES CoT, enhancing security and preventing unauthorized access. The web-of-trust model operates by leveraging existing trust relationships between components, where each component can vouch for the authenticity of another component. This decentralized approach eliminates the need for a central authority, reducing single points of failure and improving scalability. The method also allows for dynamic modification of the ES CoT, enabling components to be added or removed as needed while maintaining security. Termination of the ES CoT is similarly controlled, ensuring that the chain is dismantled only when authorized. The approach is particularly useful in distributed deployments where trust must be established and maintained without relying on a centralized trust authority.
38. The method of claim 37 wherein the web-of-trust model is based on Pretty Good Privacy (PGP) encryption.
This method uses a "web-of-trust" system, similar to how Pretty Good Privacy (PGP) encryption works, to verify identities and establish trust between users.
39. The method of claim 37 wherein the web-of-trust model is based on OpenPGP or a future derivative.
A system and method for secure digital communication and identity verification leverages a web-of-trust model to establish trust between users. The system addresses the problem of verifying digital identities in decentralized networks where centralized authorities are absent or unreliable. The web-of-trust model relies on user-generated endorsements, where individuals vouch for the authenticity of others' identities, creating a network of trust relationships. This approach enhances security by reducing dependence on single points of failure and mitigating risks associated with centralized identity verification systems. The method involves generating cryptographic keys for users, allowing them to sign and verify messages, documents, or other digital assets. Users can issue trust endorsements to others, and these endorsements propagate through the network, forming a distributed trust graph. The system evaluates trust levels based on the number and reliability of endorsements, ensuring that identities are verified through multiple independent sources. This decentralized approach improves resilience against attacks and fraud while maintaining privacy. The web-of-trust model is implemented using OpenPGP or a future derivative, ensuring compatibility with existing cryptographic standards. OpenPGP provides a well-established framework for key management, encryption, and digital signatures, making it a robust foundation for the trust model. The system may also incorporate additional cryptographic techniques to enhance security and scalability. By leveraging OpenPGP, the method ensures interoperability with widely adopted security protocols while maintaining flexibility for future advancements.
40. The method of claim 1 wherein the established ES CoT is used to verify and/or guarantee the authenticity of the ES operation requestor and the validity of the ES operation contents being requested to be only for a valid ES purpose.
This claim uses the established ES CoT to verify and/or guarantee two things about an ES operation: the authenticity of the component requesting it, and that the contents of the request are valid and serve only a legitimate ES purpose. The CoT provides the framework for this authentication and validation: it confirms the identity of the requestor and checks that the operation contents are consistent with an emergency session, so that the unauthenticated or unprovisioned ES access the network grants cannot be turned to non-emergency use. This includes checking that the requestor is a trusted member of the chain and that the requested operation does not violate the security policies of the ES network. The method may also log and audit the verification process to maintain accountability. Integrating the CoT into the ES operation request workflow ensures that only authorized and valid ES operations are executed, reducing the risk of abuse while keeping the emergency path available.
41. The method of claim 1 wherein the established ES CoT is used to guarantee the message integrity of all ES request/response and CoT modification/termination messaging sent and received amongst the members of the ES CoT.
This invention relates to secure communication networks, specifically a method for ensuring message integrity within an established Emergency Service (ES) Chain-of-Trust (CoT). The problem addressed is the vulnerability of message exchanges between CoT members to tampering or unauthorized modification in transit, which can compromise security and reliability. The method uses the established ES CoT to verify the integrity of all messages exchanged among its members: ES request/response messaging and any messaging that modifies or terminates the CoT itself. The CoT acts as a trusted framework that enforces cryptographic checks or other validation mechanisms to confirm that a message has not been altered in transmission, so only authenticated and unmodified messages are processed. The CoT may be established through a secure initialization process in which the participating members are authenticated and cryptographic keys or certificates are exchanged; once established, it provides continuous integrity verification for all subsequent communications. This matters for emergency signaling, where a modified request or response could misroute or disrupt an ES session.
42. The method of claim 1 wherein the established ES CoT is used to guarantee the confidentiality of all ES operation requests and responses and CoT modification and termination messaging sent and received amongst the members of a particular ES CoT.
This claim uses the established ES CoT to guarantee the confidentiality of all ES operation requests and responses and all CoT modification and termination messaging sent and received among the members of a particular ES CoT. The ES CoT is a secure communication framework established among the components serving an emergency session. Within it, all such interactions (requests for ES operations, the corresponding responses, and the administrative messages that modify or terminate the chain) are encrypted or otherwise protected from interception. Combined with the access controls of the chain, only authorized members take part and their communications remain confidential. This mitigates the risk of interception of sensitive emergency-related information as it passes between the ASN/CSN, intermediate components, and the PSAP, and so supports trust in the chain's communications.
43. The method of claim 1 wherein a terminal/MS, CPE, VPN client, ES user agent, or other general user agent is used to relay ES CoT management messaging, ES operation requests/responses, and/or other general messaging to/from the ASN over the MAC layer interface between the terminal/MS and ASN to overcome the inability of the ASN/CSN to receive and respond to these messages directly due to a VPN tunnel that terminates in a terminal/MS, CPE, VPN client, ES user agent, or other general user agent.
This claim addresses a deployment in which a VPN tunnel terminates at the terminal/MS, a Customer Premises Equipment (CPE) device, a VPN client, an ES user agent, or another general user agent. Because the traffic inside the tunnel is not visible to the Access Serving Network (ASN) or Connectivity Service Network (CSN), the ASN/CSN cannot receive and respond directly to ES CoT management messaging, ES operation requests/responses, or other general messaging exchanged with the terminal. The solution is to have the terminal/MS, CPE, VPN client, ES user agent, or other general user agent relay these messages to and from the ASN over the MAC layer interface between the terminal/MS and the ASN, that is, outside the VPN tunnel. This relay mechanism lets the ASN/CSN take part in the ES CoT and in ES operations despite the tunnel, and applies to both ES-specific and general-purpose user agents.
44. The method of claim 1 wherein the ASN/CSN allows a leap-of-faith unauthenticated and/or unsubscribed grant of ES level network access to the terminal/MS to attempt the establishment of an ES session with the expectation a ES CoT will be established shortly thereafter that allows the ASN/CSN to validate or invalidate the authenticity of the attempted ES session by the terminal/MS.
This claim addresses how network access is managed when the authentication and subscription status of a terminal/MS is not yet known. The problem addressed is the need to give a terminal or mobile station (MS) ES-level network access without prior authentication so that it can attempt an emergency session, while still validating the legitimacy of that attempt. The method has the Access Serving Network (ASN) and Connectivity Service Network (CSN) make an unauthenticated and/or unsubscribed "leap-of-faith" grant of ES-level access, allowing the terminal to attempt to establish an ES session without immediate validation. The grant is made with the expectation that an ES CoT will be established shortly thereafter. Once the CoT forms, it allows the ASN/CSN to validate or invalidate the authenticity of the attempted ES session: if the attempt is validated, the session continues; if it is invalidated, the session can be terminated and the attempt treated as invalid. This balances letting an emergency call through immediately against the risk that unauthenticated ES access is abused, and is particularly suited to roaming and emergency situations where authentication up front is impractical.
45. The method of claim 44 wherein the ASN/CSN and/or associated backend network components can collect and keep records of invalid ES session attempts by the terminal/MS that can be used for purposes such as blacklisting, certificate revocation list additions, and/or legal action against the owner and/or subscriber of the terminal/MS.
This claim builds on claim 44: the ASN/CSN and/or associated backend network components collect and keep records of invalid ES session attempts made by a terminal/MS, that is, attempts whose authenticity the ES CoT failed to validate after the leap-of-faith grant. The Access Serving Network (ASN) and Connectivity Service Network (CSN), together with the backend elements, detect and log these attempts. The recorded data can then be used for security and enforcement actions such as blacklisting the terminal/MS, adding its credentials to a certificate revocation list, or initiating legal action against the owner and/or subscriber of the terminal/MS. The records may include timestamps, device identifiers, and other relevant metadata to support these measures. This gives the network a way to detect and respond to abuse of unauthenticated ES access while preserving the immediate access that emergency calls require.
August 18, 2008
July 30, 2013